On Thu, 24 Oct 2013, Noel Torres wrote:
The promised rough draft:
Initial Draft about OpenPGP Server-side Signed E-mail (OPSS e-mail)
I don't understand how this adds anything to STARTTLS with TLSA/DNSSEC, apart from being able to get a remote server key from a HKP server, which in itself is completely untrusted without web-of-trust verification by a human. In fact, TLS with DHE would be more secure agaisnt a pervasive monitor that obtains access to a mailserver's private openpgp key. What would doing openpgp encryption within TLS add security wise? Paul _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
